Summary: | <www-client/chromium-17.0.963.56: Multiple vulnerabilities (CVE-2011-{3016,3017,3018,3019,3020,3021,3022,3023,3024,3025,3027}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ago, chromium, rich0 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2012-02-16 08:39:17 UTC
Please test things and stabilize. (In reply to comment #1) > Please test things and stabilize. www-client/chromium-17.0.963.56 stable on amd64. Pawel, next time please use a syntax to describe what packages and what version. e.g. Please mark stable: =www-client/chromium-17.0.963.56 x86 stable, GLSA draft is ready for review This issue was resolved and addressed in GLSA 201202-01 at http://security.gentoo.org/glsa/glsa-201202-01.xml by GLSA coordinator Tim Sammut (underling). CVE-2011-3027 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3027): Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. CVE-2011-3025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3025): Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3024): Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. CVE-2011-3023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3023): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations. CVE-2011-3022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3022): translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. CVE-2011-3021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3021): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. CVE-2011-3020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3020): Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors. CVE-2011-3019 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3019): Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. CVE-2011-3018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3018): Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering. CVE-2011-3017 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3017): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling. CVE-2011-3016 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3016): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. |